I've been asked to handle a security issue for a site which was set up by another programmer. As of yet, I haven't seen any of the code, so I'm going off of assumptions at this point and I want to cover my bases. The group hosting the site ran a security check and found that they had code vulnerable to SQL injection.